On Monday, September 3, 2018, Cameron Simpson <c...@cskk.id.au> wrote:
> On 03Sep2018 20:58, Wes Turner <wes.tur...@gmail.com> wrote: > >> So, if an application accepts user-supplied input (such as a JSON >> payload), >> is that data marked as non-executable? >> > > Unless you've hacked the JSON decoder (I think you can supply a custom > decoder for some things) all you're doing to get back is ints, strs, dicts > and lists. And floats. None of those is executable. Can another process or exploitable C extension JMP to that data or no? > > Cheers, > Cameron Simpson <c...@cskk.id.au> > _______________________________________________ > Python-ideas mailing list > Python-ideas@python.org > https://mail.python.org/mailman/listinfo/python-ideas > Code of Conduct: http://python.org/psf/codeofconduct/ >
_______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
